<?php
// Database connection settings used by the registration handler below.
// NOTE(review): the database account name and password are embedded in this
// web-served source file, so anyone who can read the file (repository access,
// a backup copy, a server that serves .php as plain text) obtains them.
// Load them from configuration kept outside the document root and treat
// this password as exposed: rotate it.
$host = "mysql-user.cse.msu.edu";   // MySQL server host name
$username = "hewittry";             // MySQL account name
$password = "A39777266";            // MySQL password (see note above)
$db_name = "hewittry";              // schema to select
$tbl_name = "AllUsers";             // table holding the login records

// Open the connection and select the schema; stop with a fixed message on
// failure.
// NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO
// with prepared statements is the replacement.
if (!mysql_connect($host, $username, $password)) {
	die("cannot connect");
}
if (!mysql_select_db($db_name)) {
	die("cannot select DB");
}

// username and password sent from form
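// Registration fields submitted by the sign-up form. Every value is
// attacker-controlled. A field that is missing, or that arrives as an array
// (e.g. newUsername[]=x), is normalised to '' so later string handling never
// receives a non-string and no undefined-index notice is raised.
$newusername = (isset($_POST['newUsername']) && is_string($_POST['newUsername'])) ? $_POST['newUsername'] : '';
$newpassword = (isset($_POST['newPword']) && is_string($_POST['newPword'])) ? $_POST['newPword'] : '';
$newemail = (isset($_POST['newEmail']) && is_string($_POST['newEmail'])) ? $_POST['newEmail'] : '';
$newtelephone = (isset($_POST['newTelephone']) && is_string($_POST['newTelephone'])) ? $_POST['newTelephone'] : '';
$newcity = (isset($_POST['newCity']) && is_string($_POST['newCity'])) ? $_POST['newCity'] : '';
$newstate = (isset($_POST['newState']) && is_string($_POST['newState'])) ? $_POST['newState'] : '';
$desc = (isset($_POST['desc']) && is_string($_POST['desc'])) ? $_POST['desc'] : '';

// Look up any existing account with the requested login name. The name is
// escaped before it is placed inside the quoted literal; previously the raw
// form value was interpolated, which let the submitted name change the
// structure of the statement (SQL injection).
// NOTE(review): escaping depends on the connection character set; a prepared
// statement (mysqli/PDO) is the durable fix once the code leaves mysql_*.
$sql = "SELECT * FROM $tbl_name WHERE LogonID='" . mysql_real_escape_string($newusername) . "'";
$result = mysql_query($sql);

// Statement prefixes completed further down when the account is created.
$sqlAddUsr = "INSERT INTO AllUsers VALUES ('";

$sqlAddNonAdmin = "INSERT INTO NonAdmins VALUES ('";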




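// Both credentials must be present, be plain strings and be non-empty.
$hasCredentials = isset($_POST['newUsername'], $_POST['newPword'])
	&& is_string($_POST['newUsername'])
	&& is_string($_POST['newPword'])
	&& $_POST['newUsername'] !== ''
	&& $_POST['newPword'] !== '';

// The name is free only when the lookup succeeded AND returned no rows.
// A failed lookup yields false, and mysql_num_rows(false) compares equal to
// 0, which previously let a failed query skip the uniqueness check.
$nameIsFree = is_resource($result) && mysql_num_rows($result) == 0;

if ($hasCredentials && $nameIsFree)
{
	// 2 is the userType id for a dealer, 3 is for a regular user
	// 1 is admin but don't care about that here
	// Decided once, from the POST body only: the original read $_REQUEST for
	// the type id and $_POST for the table choice, so a query-string
	// dealerCheck could record a dealer type id on a regular-user row.
	$isDealer = isset($_POST['dealerCheck']);
	$userType = $isDealer ? 2 : 3;

	// Escape every form value that is placed inside a quoted SQL literal.
	// Only three of the fields were escaped before; the rest were
	// concatenated raw (SQL injection). Missing or non-string fields
	// become ''.
	// NOTE(review): prepared statements (mysqli/PDO) are the durable fix.
	$esc = array();
	$fieldNames = array(
		'newUsername', 'newPword', 'newEmail', 'newTelephone', 'newCity',
		'newState', 'newName', 'newCoName', 'newStreetNum', 'newStreetName',
		'newZipcode', 'newURL', 'desc',
	);
	foreach ($fieldNames as $field) {
		$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		$esc[$field] = mysql_real_escape_string($raw);
	}

	// NOTE(review): the password is stored exactly as submitted. Hashing it
	// with password_hash() needs the sign-in code to switch to
	// password_verify(); that code is outside this file, so it is flagged
	// here rather than changed.
	$sqlAddUsr .= $esc['newUsername'] . "', '";
	$sqlAddUsr .= $esc['newPword'] . "', ";
	$sqlAddUsr .= $userType . ");";
	$created = (bool) mysql_query($sqlAddUsr);

	// The dependent rows are written only if the account row was written
	// (short-circuit on $created). The inserts are not wrapped in a
	// transaction, so a later failure can still leave a partial account.
	$sqlAddNonAdmin .= implode("' , '", array(
		$esc['newUsername'],
		$esc['newEmail'],
		$esc['newTelephone'],
		$esc['newCity'],
		$esc['newState'],
	));
	$sqlAddNonAdmin .= "');";
	$created = $created && mysql_query($sqlAddNonAdmin);

	if ($isDealer)
	{
		$sqlAddDealer = "INSERT INTO Dealer VALUES ('";
		$sqlAddDealer .= implode("' , '", array(
			$esc['newUsername'],
			$esc['newCoName'],
			$esc['newStreetNum'],
			$esc['newStreetName'],
			$esc['newZipcode'],
			$esc['newURL'],
			$esc['desc'],
		));
		$sqlAddDealer .= "');";
		$created = $created && mysql_query($sqlAddDealer);
		$usrType = "Dealer";
	}
	else
	{
		$sqlAddRegUsr = "INSERT INTO RegisteredUser VALUES ('";
		$sqlAddRegUsr .= $esc['newUsername'];
		$sqlAddRegUsr .= "' , '";
		$sqlAddRegUsr .= $esc['newName'];
		$sqlAddRegUsr .= "');";
		$created = $created && mysql_query($sqlAddRegUsr);
		$usrType = "RegUser";
	}

	// Do not sign the visitor in when any insert failed (for example a
	// concurrent registration took the same name after the lookup).
	if (!$created)
	{
		die('Could not create account, </br><a class="headerlink" href="newUser.php">Retry</a>');
	}

	session_start();
	// Issue a fresh session id at the moment the session becomes
	// authenticated, so an id fixed before sign-up cannot be reused.
	session_regenerate_id(true);
	$_SESSION["username"] = $_POST['newUsername'];
	// NOTE(review): the cleartext password is kept in session storage. Other
	// pages may read it, so it is left in place; once they no longer need it
	// this line should go.
	$_SESSION["pword"] = $_POST['newPword'];
	$_SESSION["usertype"] = $usrType;
	header("location:index.php");
	exit;
}
else
{
	echo 'Invalid Input, </br><a class="headerlink" href="newUser.php">Retry</a>';
}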

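// Disabled code below: it refers to $myusername/$mypassword, which this file never defines (it appears to come from the sign-in script).
// To protect against MySQL injection (more detail about MySQL injection)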
//$myusername = stripslashes($myusername);
//$mypassword = stripslashes($mypassword);
//$myusername = mysql_real_escape_string($myusername);
//$mypassword = mysql_real_escape_string($mypassword);



// Mysql_num_row is counting table row
//$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

//if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
//session_start();
//$_SESSION["username"] = $myusername;
//$_SESSION["pword"] = $mypassword;

//}
//else {
//echo 'Wrong Username or Password, </br><a class="headerlink" href="signin.php">Retry</a>';
//}
?>
